847
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] AA5B@lemmy.world 2 points 3 months ago

The longer it is, the harder for anyone to guess, write down, remember, or brute force. For that long a password, someone can actually see my password and then have effectively zero chance of being able to use it.

But maybe it’s more a ”why not?” In one side it’s generated so you can use it equally well, and in the other side it should be hashed to a standard length so they should be able to manage it equally well.

[-] frezik@midwest.social 1 points 3 months ago

When I did the math with a reasonable list of alphanums and symbols on a US standard keyboard, a 40 char randomly generated password had equivalent security to a 256 but block cipher key. Describing the difficulty in brute forcing that starts with the phrase "assume you can convert all the energy from a supernova at 100% efficiency into a thermodynamiclly perfect computer". A roundabout way of saying impossible.

40 chars random is already overkill.

this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS